Homarr3w ago
DeDe

Admin groups - right permissions assignment

I'm looking to configure the owner / admin rights from Active Directory groups. The basic user auth is OK, but the user doesn't get rights. My docker-compose.yml:
AUTH_LDAP_USERNAME_ATTRIBUTE: sAMAccountName
AUTH_LDAP_USER_MAIL_ATTRIBUTE: mail
AUTH_LDAP_SEARCH_SCOPE: sub
AUTH_LDAP_GROUP_CLASS: groupOfUniqueNames
AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: member
AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: distinguishedName
AUTH_LDAP_OWNER_GROUP: Homarr_owners
AUTH_LDAP_ADMIN_GROUP: Homarr_admins
Thanks for your help!
15 Replies
Cakey Bot3w ago
Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment:
- Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log)
- Operating system (Unraid, TrueNAS, Ubuntu, ...)
- Exact Homarr version (eg. 0.15.0, not latest)
- Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format)
- Other relevant information (eg. your devices, your browser, ...)
Manicraft10013w ago
Hi, is the groups object flat?
DeDeOP3w ago
flat?
Manicraft10013w ago
And did you read our documentation at https://homarr.dev/docs/1.12.0/advanced/single-sign-on/ ?
DeDeOP3w ago
Yes
Manicraft10013w ago
@Meierschlumpf can you check?
DeDeOP3w ago
I've done before posting 😉
DeDeOP3w ago
homarr | 2025-04-16T09:48:25.957Z info: Found 14 groups for user testuser.
With this configuration (I've tried with dn as owner / admin group):
AUTH_LDAP_SEARCH_SCOPE: sub
AUTH_LDAP_GROUP_CLASS: group
AUTH_LDAP_GROUP_MEMBER_ATTRIBUTE: member
AUTH_LDAP_GROUP_MEMBER_USER_ATTRIBUTE: dn
AUTH_LDAP_OWNER_GROUP: Homarr_owners
AUTH_LDAP_ADMIN_GROUP: Homarr_admins
Groups are detected but rights are not applied
homarr | 2025-04-16T11:13:48.158Z info: Connected to LDAP server. Searching for user...
homarr | 2025-04-16T11:13:48.175Z info: User testuser found in LDAP. Logging in...
homarr | 2025-04-16T11:13:48.185Z info: User testuser logged in successfully, retrieving user groups...
homarr | 2025-04-16T11:13:48.190Z info: Found 12 groups for user testuser.
homarr | 2025-04-16T11:13:48.210Z info: User testuser not found in the database. Creating...
homarr | 2025-04-16T11:13:48.233Z info: User testuser created successfully.
homarr | 2025-04-16T11:13:48.269Z info: Added user to everyone group.
Meierschlumpf2w ago
What do you mean by "rights are not applied"? Homarr neither creates any groups from external providers nor guesses what permissions they could have. So if you want the admins to have admin permission, you need to add a group in Homarr with the name Homarr_admins (matching the casing and name of LDAP) and give them the permission for admin in Homarr.
DeDeOP2w ago
Hi, the groups are already created, but the users in these groups are not given the rights (Homarr_admins => AdministratorPanel)
Meierschlumpf2w ago
Can you set LOG_LEVEL to debug and log in again? It should show something like "User is already in all groups of Homarr. user=${userId}". And can you maybe show a screenshot of your groups table in Homarr (/manage/users/groups)?
DeDeOP6d ago
I will check tomorrow 😉 I have this
homarr | 2025-04-24T14:54:53.839Z info: user testuser is trying to log in using LDAP. Connecting to LDAP server...
homarr | 2025-04-24T14:54:53.846Z info: Connected to LDAP server. Searching for user...
homarr | 2025-04-24T14:54:53.851Z info: User testuser found in LDAP. Logging in...
homarr | 2025-04-24T14:54:53.855Z info: User testuser logged in successfully, retrieving user groups...
homarr | 2025-04-24T14:54:53.858Z info: Found 14 groups for user testuser.
homarr | 2025-04-24T14:54:53.860Z debug: Executed SQL query: select "id", "name", "image", "email", "email_verified", "provider" from "user" "users" where ("users"."email" = ? and "users"."provider" = ?) limit ?
homarr | 2025-04-24T14:54:53.862Z debug: Executed SQL query: insert into "session" ("session_token", "user_id", "expires") values (?, ?, ?) returning "session_token", "user_id", "expires"
homarr | 2025-04-24T14:54:53.870Z debug: Executed SQL query: select "name", "color_scheme" from "user" "users" where "users"."id" = ? limit ?
homarr | 2025-04-24T14:54:53.872Z debug: Executed SQL query: select "group_id", "user_id", (select json_array("name") as "data" from (select * from "group" "groupMembers_group" where "groupMembers_group"."id" = "groupMembers"."group_id" limit ?) "groupMembers_group") as "group" from "groupMember" "groupMembers" where "groupMembers"."user_id" = ?
homarr | 2025-04-24T14:54:53.873Z debug: Homarr does not have the user in certain groups. user=r36ad6sozqrvrqg8dn399dkj count=14
homarr | 2025-04-24T14:54:53.874Z debug: Executed SQL query: select "id" from "group" "groups" where "groups"."name" in (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
homarr | 2025-04-24T14:54:53.874Z debug: Homarr has found groups in the database user is not in. user=r36ad6sozqrvrqg8dn399dkj count=0
homarr | 2025-04-24T14:54:53.875Z debug: User is already in all groups of Homarr. user=r36ad6sozqrvrqg8dn399dkj
homarr | 2025-04-24T14:54:53.876Z debug: Executed SQL query: select "id", "name", "owner_id", "home_board_id", "mobile_home_board_id", "position", (select coalesce(json_group_array(json_array("group_id", "user_id")), json_array()) as "data" from "groupMember" "groups_members" where ("groups_members"."group_id" = "groups"."id" and "groups_members"."user_id" = ?)) as "members" from "group" "groups" where "groups"."name" = ? limit ?
homarr | 2025-04-24T14:54:53.877Z info: User 'testuser' logged in at 2025-04-24T16:54:53+02:00
Solution
DeDe6d ago
Okay, I've found my mistake, I think. No permissions have profiles predefined with the value inside the docker-compose.yml: AUTH_LDAP_OWNER_ADMINS, AUTH_LDAP_OWNER_OWNER, AUTH_LDAP_OWNER_USERS. I was thinking groups are created with predefined permission profiles and synced from LDAP using the values set in the docker-compose.yml. To make LDAP rights functional, it's necessary to manually create the groups and add the rights with the default admin account.
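
One way to read the debug output posted in this thread, added here as an example and not taken from the thread or from Homarr's code: it pairs the two `count=` lines of each login and flags a sync in which no LDAP group name matched a group that exists in Homarr. The meaning given to the two counters is an assumption based on the message wording and the adjacent SQL query; the function and verdict names are hypothetical, and the second login in the sample is constructed.

```python
import re

# Constructed sample: the first login copies the counters posted in this thread,
# the second is a made-up login after two same-named groups exist in Homarr.
SAMPLE_LOG = """\
homarr | 2025-04-24T14:54:53.858Z info: Found 14 groups for user testuser.
homarr | 2025-04-24T14:54:53.873Z debug: Homarr does not have the user in certain groups. user=uid-a count=14
homarr | 2025-04-24T14:54:53.874Z debug: Homarr has found groups in the database user is not in. user=uid-a count=0
homarr | 2025-04-25T08:00:00.000Z info: Found 14 groups for user testuser.
homarr | 2025-04-25T08:00:00.010Z debug: Homarr does not have the user in certain groups. user=uid-a count=14
homarr | 2025-04-25T08:00:00.011Z debug: Homarr has found groups in the database user is not in. user=uid-a count=2
"""

FOUND = re.compile(r"Found (\d+) groups for user \S+\.")
MISSING = re.compile(r"does not have the user in certain groups\. user=(\S+) count=(\d+)")
MATCHED = re.compile(r"found groups in the database user is not in\. user=(\S+) count=(\d+)")


def diagnose(log_text):
    """Return one finding per group sync seen in the log (hypothetical helper)."""
    findings, ldap_groups, missing = [], None, {}
    for line in log_text.splitlines():
        if m := FOUND.search(line):
            ldap_groups = int(m.group(1))
        elif m := MISSING.search(line):
            missing[m.group(1)] = int(m.group(2))
        elif m := MATCHED.search(line):
            user, matched = m.group(1), int(m.group(2))
            if user not in missing:
                continue  # incomplete sequence, nothing to compare against
            # Assumed reading: 'missing' LDAP group names were looked up by name
            # and 'matched' of them exist as groups in Homarr.
            verdict = "no-homarr-group-matches" if matched == 0 else "groups-matched"
            findings.append({"user": user, "ldap_groups": ldap_groups,
                             "missing": missing.pop(user), "matched": matched,
                             "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

A `groups-matched` verdict only covers membership sync; the permissions still have to be assigned to those groups inside Homarr, which these log lines do not show.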
